Unrated severityNVD Advisory· Published Dec 11, 2018· Updated Aug 5, 2024
CVE-2018-2502
CVE-2018-2502
Description
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
Affected products
29.2, 9.3+ 1 more
- (no CPE)range: 9.2, 9.3
- (no CPE)range: = 9.2
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/106173mitrevdb-entryx_refsource_BID
- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.